build(deps): bump github.com/containers/common from 0.26.0 to 0.26.3

Bumps [github.com/containers/common](https://github.com/containers/common) from 0.26.0 to 0.26.3.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](containers/common@v0.26.0...v0.26.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Daniel J Walsh
2020-10-27 06:57:49 -04:00
parent 3a62b4d6b7
commit 2099c86f33
74 changed files with 511 additions and 439 deletions


@@ -28,8 +28,8 @@ type SigningMechanism interface {
Verify(unverifiedSignature []byte) (contents []byte, keyIdentity string, err error)
// UntrustedSignatureContents returns UNTRUSTED contents of the signature WITHOUT ANY VERIFICATION,
// along with a short identifier of the key used for signing.
// WARNING: The short key identifier (which correponds to "Key ID" for OpenPGP keys)
// is NOT the same as a "key identity" used in other calls ot this interface, and
// WARNING: The short key identifier (which corresponds to "Key ID" for OpenPGP keys)
// is NOT the same as a "key identity" used in other calls to this interface, and
// the values may have no recognizable relationship if the public key is not available.
UntrustedSignatureContents(untrustedSignature []byte) (untrustedContents []byte, shortKeyIdentifier string, err error)
}
@@ -58,8 +58,8 @@ func NewEphemeralGPGSigningMechanism(blob []byte) (SigningMechanism, []string, e
// gpgUntrustedSignatureContents returns UNTRUSTED contents of the signature WITHOUT ANY VERIFICATION,
// along with a short identifier of the key used for signing.
// WARNING: The short key identifier (which correponds to "Key ID" for OpenPGP keys)
// is NOT the same as a "key identity" used in other calls ot this interface, and
// WARNING: The short key identifier (which corresponds to "Key ID" for OpenPGP keys)
// is NOT the same as a "key identity" used in other calls to this interface, and
// the values may have no recognizable relationship if the public key is not available.
func gpgUntrustedSignatureContents(untrustedSignature []byte) (untrustedContents []byte, shortKeyIdentifier string, err error) {
// This uses the Golang-native OpenPGP implementation instead of gpgme because we are not doing any cryptography.
@@ -75,7 +75,7 @@ func gpgUntrustedSignatureContents(untrustedSignature []byte) (untrustedContents
// Coverage: An error during reading the body can happen only if
// 1) the message is encrypted, which is not our case (and we dont give ReadMessage the key
// to decrypt the contents anyway), or
// 2) the message is signed AND we give ReadMessage a correspnding public key, which we dont.
// 2) the message is signed AND we give ReadMessage a corresponding public key, which we dont.
return nil, "", err
}


@@ -167,8 +167,8 @@ func (m *gpgmeSigningMechanism) Verify(unverifiedSignature []byte) (contents []b
// UntrustedSignatureContents returns UNTRUSTED contents of the signature WITHOUT ANY VERIFICATION,
// along with a short identifier of the key used for signing.
// WARNING: The short key identifier (which correponds to "Key ID" for OpenPGP keys)
// is NOT the same as a "key identity" used in other calls ot this interface, and
// WARNING: The short key identifier (which corresponds to "Key ID" for OpenPGP keys)
// is NOT the same as a "key identity" used in other calls to this interface, and
// the values may have no recognizable relationship if the public key is not available.
func (m *gpgmeSigningMechanism) UntrustedSignatureContents(untrustedSignature []byte) (untrustedContents []byte, shortKeyIdentifier string, err error) {
return gpgUntrustedSignatureContents(untrustedSignature)


@@ -151,8 +151,8 @@ func (m *openpgpSigningMechanism) Verify(unverifiedSignature []byte) (contents [
// UntrustedSignatureContents returns UNTRUSTED contents of the signature WITHOUT ANY VERIFICATION,
// along with a short identifier of the key used for signing.
// WARNING: The short key identifier (which correponds to "Key ID" for OpenPGP keys)
// is NOT the same as a "key identity" used in other calls ot this interface, and
// WARNING: The short key identifier (which corresponds to "Key ID" for OpenPGP keys)
// is NOT the same as a "key identity" used in other calls to this interface, and
// the values may have no recognizable relationship if the public key is not available.
func (m *openpgpSigningMechanism) UntrustedSignatureContents(untrustedSignature []byte) (untrustedContents []byte, shortKeyIdentifier string, err error) {
return gpgUntrustedSignatureContents(untrustedSignature)


@@ -1,4 +1,4 @@
// policy_config.go hanles creation of policy objects, either by parsing JSON
// policy_config.go handles creation of policy objects, either by parsing JSON
// or by programs building them programmatically.
// The New* constructors are intended to be a stable API. FIXME: after an independent review.
@@ -516,7 +516,7 @@ func newPolicyReferenceMatchFromJSON(data []byte) (PolicyReferenceMatch, error)
return res, nil
}
// newPRMMatchExact is NewPRMMatchExact, except it resturns the private type.
// newPRMMatchExact is NewPRMMatchExact, except it returns the private type.
func newPRMMatchExact() *prmMatchExact {
return &prmMatchExact{prmCommon{Type: prmTypeMatchExact}}
}
@@ -546,7 +546,7 @@ func (prm *prmMatchExact) UnmarshalJSON(data []byte) error {
return nil
}
// newPRMMatchRepoDigestOrExact is NewPRMMatchRepoDigestOrExact, except it resturns the private type.
// newPRMMatchRepoDigestOrExact is NewPRMMatchRepoDigestOrExact, except it returns the private type.
func newPRMMatchRepoDigestOrExact() *prmMatchRepoDigestOrExact {
return &prmMatchRepoDigestOrExact{prmCommon{Type: prmTypeMatchRepoDigestOrExact}}
}
@@ -576,7 +576,7 @@ func (prm *prmMatchRepoDigestOrExact) UnmarshalJSON(data []byte) error {
return nil
}
// newPRMMatchRepository is NewPRMMatchRepository, except it resturns the private type.
// newPRMMatchRepository is NewPRMMatchRepository, except it returns the private type.
func newPRMMatchRepository() *prmMatchRepository {
return &prmMatchRepository{prmCommon{Type: prmTypeMatchRepository}}
}
@@ -606,7 +606,7 @@ func (prm *prmMatchRepository) UnmarshalJSON(data []byte) error {
return nil
}
// newPRMExactReference is NewPRMExactReference, except it resturns the private type.
// newPRMExactReference is NewPRMExactReference, except it returns the private type.
func newPRMExactReference(dockerReference string) (*prmExactReference, error) {
ref, err := reference.ParseNormalizedNamed(dockerReference)
if err != nil {
@@ -652,7 +652,7 @@ func (prm *prmExactReference) UnmarshalJSON(data []byte) error {
return nil
}
// newPRMExactRepository is NewPRMExactRepository, except it resturns the private type.
// newPRMExactRepository is NewPRMExactRepository, except it returns the private type.
func newPRMExactRepository(dockerRepository string) (*prmExactRepository, error) {
if _, err := reference.ParseNormalizedNamed(dockerRepository); err != nil {
return nil, InvalidPolicyFormatError(fmt.Sprintf("Invalid format of dockerRepository %s: %s", dockerRepository, err.Error()))


@@ -1,5 +1,5 @@
// This defines the top-level policy evaluation API.
// To the extent possible, the interface of the fuctions provided
// To the extent possible, the interface of the functions provided
// here is intended to be completely unambiguous, and stable for users
// to rely on.
@@ -47,7 +47,7 @@ type PolicyRequirement interface {
// - sarUnknown if if this PolicyRequirement does not deal with signatures.
// NOTE: sarUnknown should not be returned if this PolicyRequirement should make a decision but something failed.
// Returning sarUnknown and a non-nil error value is invalid.
// WARNING: This makes the signature contents acceptable for futher processing,
// WARNING: This makes the signature contents acceptable for further processing,
// but it does not necessarily mean that the contents of the signature are
// consistent with local policy.
// For example:
@@ -166,7 +166,7 @@ func (pc *PolicyContext) requirementsForImageRef(ref types.ImageReference) Polic
// verified).
// NOTE: This may legitimately return an empty list and no error, if the image
// has no signatures or only invalid signatures.
// WARNING: This makes the signature contents acceptable for futher processing,
// WARNING: This makes the signature contents acceptable for further processing,
// but it does not necessarily mean that the contents of the signature are
// consistent with local policy.
// For example:


@@ -51,7 +51,7 @@ func (prm *prmMatchRepoDigestOrExact) matchesDockerReference(image types.Unparse
return signature.String() == intended.String()
case reference.Canonical:
// We dont actually compare the manifest digest against the signature here; that happens prSignedBy.in UnparsedImage.Manifest.
// Becase UnparsedImage.Manifest verifies the intended.Digest() against the manifest, and prSignedBy verifies the signature digest against the manifest,
// Because UnparsedImage.Manifest verifies the intended.Digest() against the manifest, and prSignedBy verifies the signature digest against the manifest,
// we know that signature digest matches intended.Digest() (but intended.Digest() and signature digest may use different algorithms)
return signature.Name() == intended.Name()
default: // !reference.IsNameOnly(intended)


@@ -210,7 +210,7 @@ type signatureAcceptanceRules struct {
validateSignedDockerManifestDigest func(digest.Digest) error
}
// verifyAndExtractSignature verifies that unverifiedSignature has been signed, and that its principial components
// verifyAndExtractSignature verifies that unverifiedSignature has been signed, and that its principal components
// match expected values, both as specified by rules, and returns it
func verifyAndExtractSignature(mech SigningMechanism, unverifiedSignature []byte, rules signatureAcceptanceRules) (*Signature, error) {
signed, keyIdentity, err := mech.Verify(unverifiedSignature)
@@ -248,7 +248,7 @@ func verifyAndExtractSignature(mech SigningMechanism, unverifiedSignature []byte
// There is NO REASON to expect the values to be correct, or not intentionally misleading
// (including things like “✅ Verified by $authority”)
func GetUntrustedSignatureInformationWithoutVerifying(untrustedSignatureBytes []byte) (*UntrustedSignatureInformation, error) {
// NOTE: This should eventualy do format autodetection.
// NOTE: This should eventually do format autodetection.
mech, _, err := NewEphemeralGPGSigningMechanism([]byte{})
if err != nil {
return nil, err